Gentoo Forums
ACL has no effect.
dE_logics
Posted: Thu Mar 27, 2014 7:04 am    Post subject: ACL has no effect.

I've added users and groups to the ACL, but they seem to get ignored. They have no effect at all. Even the default user/group/other permissions have no effect.

Code:
 getfacl ACL/
# file: ACL/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx
default:user::rwx
default:user:de:---
default:group::rwx
default:mask::rwx
default:other::rwx


Code:
de@DESKTOP_MINER ~ $ cd ACL/; ls
dir  file


So default:user:de:--- is being ignored.

I invert the situation --

Code:
getfacl ACL/
# file: ACL/
# owner: root
# group: root
user::rwx
group::rwx
other::---
default:user::rwx
default:user:de:rwx
default:group::rwx
default:mask::rwx
default:other::---


To get --

Code:

$ cd ACL/; ls
bash: cd: ACL/: Permission denied

dE_logics
Posted: Fri Mar 28, 2014 2:34 am

Hummm...

I see this is NOT normal behavior.

Unfortunately, the same thing happens with that Fedora VM which is installed on ext4.

ulenrich
Posted: Fri Mar 28, 2014 8:23 am

Perhaps "ls" does too much itself:
It explores the old 4-byte POSIX allowances before it tries to get the requested info from the kernel?

dE_logics
Posted: Fri Mar 28, 2014 8:34 am

ulenrich wrote:
Perhaps "ls" does too much itself:
It explores the old 4-byte POSIX allowances before it tries to get the requested info from the kernel?


The permission should be enforced by the kernel. No use if a non-root user can modify them.

dE_logics
Posted: Fri Mar 28, 2014 10:24 am

I tried to open the dir using dolphin, but that too says access denied.

dE_logics
Posted: Sat Mar 29, 2014 3:37 am

Resolving to the kernel mailing list.

ulenrich
Posted: Sat Mar 29, 2014 9:04 am

Please report back, I always wanted to know
how these ACLs are supposed to function ...

dE_logics
Posted: Sun Mar 30, 2014 4:55 pm

I contacted the ACL utils devs and they asked me to read the acl(5) man page.

Now I clarify -- it works.

ulenrich
Posted: Mon Mar 31, 2014 2:30 pm

dE_logics wrote:
it works.
What did you do wrongly?

py-ro
Posted: Tue Apr 01, 2014 10:04 am

The "old" POSIX bytes are the max you can get with ACLs, it is like an upper limit. If it says like 600, even an ACL can't allow anyone other than the user to read or write it.

dE_logics
Posted: Fri May 16, 2014 4:49 am

ulenrich wrote:
dE_logics wrote:
it works.
What did you do wrongly?


Now I don't remember (my mail box is full, I didn't read your reply).

There was some misunderstanding with the concepts.
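
Added example, not part of any post in this thread: the access check algorithm from acl(5), the man page mentioned above, run over the two getfacl listings from the first post plus one constructed variant. It assumes de is neither root nor a member of group root; the function names are hypothetical. `default:` entries are copied to objects created inside the directory and are not consulted when the directory itself is accessed, so only the access entries decide whether `cd` and `ls` succeed.

```python
# Added example (not from the thread): the acl(5) access check, applied to
# getfacl output. Function names are hypothetical.

def parse_getfacl(text):
    """Split getfacl output into owner, owning group, access and default entries."""
    owner = group = None
    access, default = {}, {}
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            target = access
            if line.startswith("default:"):   # inherited by new children only
                target, line = default, line[len("default:"):]
            tag, qualifier, perms = line.split(":")[:3]
            target[(tag, qualifier)] = set(perms.split()[0]) - {"-"}
    return owner, group, access, default

def allowed(text, user, groups, want):
    """True if `user` (member of `groups`) gets every permission in `want`."""
    owner, group, acl, _default = parse_getfacl(text)   # default entries unused
    want = set(want)
    mask = acl.get(("mask", ""), set("rwx"))   # no mask entry: nothing to limit
    if user == owner:
        return want <= acl[("user", "")]
    if ("user", user) in acl:
        return want <= acl[("user", user)] & mask
    matched = [p for (tag, q), p in acl.items() if tag == "group"
               and (q in groups or (q == "" and group in groups))]
    if matched:
        return any(want <= p & mask for p in matched)
    return want <= acl[("other", "")]

# The two listings from the first post, plus one constructed variant.
HEAD = "# file: ACL/\n# owner: root\n# group: root\nuser::rwx\n"
FIRST = HEAD + ("group::rwx\nother::rwx\ndefault:user::rwx\ndefault:user:de:---\n"
                "default:group::rwx\ndefault:mask::rwx\ndefault:other::rwx\n")
SECOND = HEAD + ("group::rwx\nother::---\ndefault:user::rwx\ndefault:user:de:rwx\n"
                 "default:group::rwx\ndefault:mask::rwx\ndefault:other::---\n")
# Constructed: the deny entry placed in the access ACL instead of the default ACL.
THIRD = HEAD + "user:de:---\ngroup::rwx\nmask::rwx\nother::rwx\n"

if __name__ == "__main__":
    for name, text in (("first", FIRST), ("second", SECOND), ("third", THIRD)):
        print(name, allowed(text, "de", {"de"}, "rx"))
```

For the first two listings the result follows `other::` alone, matching the `ls` that worked and the `Permission denied` shown in the first post; only the constructed third listing, where `user:de:---` is an access entry, denies de by name.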
All times are GMT